Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/02/04 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-0411

7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user...

7CVSS7.5AI score0.67071EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/04 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-24752

The Essential Addons for Elementor WordPress plugin is vulnerable to insufficient validation and sanitizing of the popup-selector query argument. Versions prior to 6.0.15 are affected...

7.1CVSS5.8AI score0.01157EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/04 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-9276

Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console...

9CVSS5.9AI score0.87173EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/04 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-48455

An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows...

2.7CVSS5.8AI score0.06249EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/04 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-19410

Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges including administrator...

9.8CVSS5.8AI score0.8646EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-25181

Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter...

7.5CVSS7.7AI score0.50557EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-57968

Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx...

9.9CVSS7.3AI score0.30477EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-6298

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely...

10CVSS6.2AI score0.1901EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/02 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-7097

The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings...

4.3CVSS5.8AI score0.0054EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/31 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-57727

SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords...

9.1CVSS7.4AI score0.95151EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/29 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-25608

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' U+FFFD, which allows...

6.1CVSS5.8AI score0.0096EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-40891

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet...

8.8CVSS5.9AI score0.19735EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/28 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-41710

Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the...

7.2CVSS7.5AI score0.4161EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-40890

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request...

8.8CVSS5.9AI score0.20121EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-3980

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run...

10CVSS6AI score0.0518EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-44055

A server side request forgery SSRF vulnerability is present in WordPress Oshine Modules Plugin that could allow a website to execute website requests to an arbitrary attacker-controlled domain...

6AI score0.00247EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/27 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-24085

Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges...

10CVSS5.8AI score0.18668EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/23 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-42448

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution RCE on the VSPC server machine...

9.9CVSS5.9AI score0.20057EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-32736

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "queryutaskverbose" function within MCUDBHelper...

7.5CVSS5.8AI score0.05408EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/22 12:0 a.m.7 views

VulnCheck KEV: CVE-2024-32739

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "queryptaskverbose" function within MCUDBHelper...

7.5CVSS5.8AI score0.05408EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-13462

Lansweeper before 7.1.117.4 allows unauthenticated SQL injection...

9.1CVSS5.9AI score0.1131EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-6205

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...

9.8CVSS5.9AI score0.04168EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-32735

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...

9.8CVSS5.8AI score0.06765EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-32738

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "queryptasklean" function within MCUDBHelper...

7.5CVSS5.8AI score0.04515EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-23006

SonicWall SMA1000 Appliance Management Console AMC and Central Management Console CMC contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands...

9.8CVSS7.5AI score0.23432EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-26294

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files such as a data/settings/settings.xml file containing admin panel credentials, as demonstrated by dav/server.php/files/personal/%2e%2e when using the...

7.5CVSS5.8AI score0.17345EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/22 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-32737

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "querycontractresult" function within MCUDBHelper...

7.5CVSS5.8AI score0.05408EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-26134

Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands...

9.8CVSS6AI score0.03638EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/21 12:0 a.m.2 views

VulnCheck KEV: CVE-2021-24666

The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module not activated by default, which adds the rest route '/services/contributor/?P\d+, takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi...

9.8CVSS5.8AI score0.09404EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/18 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-13375

The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifierrecover function...

9.8CVSS5.8AI score0.0139EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/17 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-23209

Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution...

8.1CVSS7.5AI score0.04714EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/15 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-44149

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required...

8.8CVSS7.5AI score0.64354EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/15 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-3573

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...

5.4CVSS7.2AI score0.00585EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-21335

Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges...

7.8CVSS5.8AI score0.01363EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-55591

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module...

9.8CVSS7.3AI score0.98259EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-21334

Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges...

7.8CVSS5.8AI score0.0153EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/14 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-21333

Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges...

7.8CVSS6AI score0.09798EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/13 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-31059

Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php...

7.5CVSS5.8AI score0.05574EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-0282

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution...

9CVSS7.9AI score0.99971EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/08 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-52875

Several vulnerabilities are present in GFI KerioControl due to improper sanitization of the 'dest' GET parameter used to generate a 'Location' HTTP header. The affected endpoints include /nonauth/addCertException.cs, /nonauth/guestConfirm.cs, and /nonauth/expiration.cs. Exploitation could allow...

8.8CVSS7.3AI score0.29116EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-0283

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution...

7CVSS6.5AI score0.17108EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-50603

Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for listflightpathdestinationinstances, or srccloudtype for flightpathconnectiontest...

10CVSS7.5AI score0.98545EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2025/01/02 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-18371

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can...

7.5CVSS7.4AI score0.55427EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-3393

Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter...

8.7CVSS7.3AI score0.26636EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-33112

D-Link DIR-845L v1.01KRb03 and before is vulnerable to an operating system command injection vulnerability...

7.5CVSS7.3AI score0.06457EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-37056

D-Link GO-RT-AC750 GORTAC750revAv101b03 and GO-RT-AC750revBFWv200b02 is vulnerable to an operating system command injection vulnerability...

9.8CVSS7.3AI score0.10327EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/24 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-11305

A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function getstatuszigbee of the file /index.php/display/statuszigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated...

6.5CVSS5.6AI score0.03725EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-47643

SuiteCRM is a Customer Relationship Management CRM software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the...

5.3CVSS5.8AI score0.03002EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/24 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-48307

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

9.8CVSS5.8AI score0.4457EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/12/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-31446

In Cassia Gateway firmware XC10002.1.1.2303082218 and XC20002.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup...

9.8CVSS5.8AI score0.61081EPSS
Exploits1References1
Total number of security vulnerabilities4985